Microsoft 365 cloud service's privacy statement
Articles 13 and 14 of the EU General Data Protection Regulation
Data Protection Act (1050/2018)
Articles 13 and 14 of the Combined Data Subject Information Document (EU Data Protection Regulation 2016/679)
1. Controller
Seinäjoki University of Applied Sciences, SeAMK Library
Kampusranta 11, Frami F
FI-60320 Seinäjoki, Finland
+358 20 124 3000
seamk(at)seamk.fi
2. Controller’s representative
Asmo Myllyaho, Head of Property and Information Management, Seinäjoki University of Applied Sciences
tel. +358 40 830 4262
asmo.myllyaho(at)seamk.fi
2a. Official responsible for the personal data file
Veli-Matti Mäkelä, Coordinator, Information Management, Seinäjoki University of Applied Sciences
tel. +358 40 830 3990
veli-matti.makela(at)seamk.fi
2b. Contact persons in matters relating to the data file
Veli-Matti Mäkelä, Coordinator, Information Management, Seinäjoki University of Applied Sciences
tel. +358 40 830 3990
veli-matti.makela(at)seamk.fi
2c. Contact details of the Data Protection Officer
Jarmo Jaskari, Data Protection Officer, Seinäjoki University of Applied Sciences
tel. +358 40 868 0680
jarmo.jaskari(at)seamk.fi
3. Name of the data file
Microsoft 365 cloud service (Azure AD) of the Seinäjoki University of Applied Sciences.
4. Purpose of processing personal data/data file use
Personal data are processed on the basis of an employment relationship and/or the right to study or other general conditions laid down in section 8 of the Personal Data Act.
The user directory and the data it contains are used in the access control for Microsoft 365 services such as OneDrive, email, and Teams.
5. Purpose of maintaining the data file
–
5a. Data content of the file
Username, organisation information, unit, name information, phone number information (staff), email addresses, SIP address, title, description, login information, user image, group membership, M365 license information
5b. Information systems using the data file
Microsoft 365 services and possibly other services for logging in.
6. Regular sources of data
A license application signed by the user for accessing the network of the university of applied sciences.
Personnel:
- HR register, via the user administration system
Students:
- Student register, via the user administration system
7. Regular disclosure of data
General Active Directory data are disclosed to the Microsoft 365 cloud service.
8. Transfer of data outside the EU or the EEA
Personal information is transferred outside the European Union or the European Economic Area (Microsoft online) to provide access and support services. The transfer is based on the Microsoft Online Services Terms and Conditions, including the model contract clauses approved by the Commission (Appendix 3), which are available in the Microsoft Terms of Use at: http://www.microsoftvolumelicensing.com/Downloader.aspx?documenttype=OST&lang=English
9. Principles of data file protection
A. Manual material
There is no manual version of the user directory, but signed licence applications are stored in a safe facility.
B. Computer-processed data
The data are protected by user names and passwords. Data protection complies with the internal data security regulations of the university of applied sciences.